diff --git a/routes/api/userRoutes.js b/routes/api/userRoutes.js
index ac3429d..811e4b1 100644
--- a/routes/api/userRoutes.js
+++ b/routes/api/userRoutes.js
@@ -141,7 +141,7 @@ export const setup = function (router, con, server) {
 let ip = getIP(req);
 let setTo = `${res.locals.username} ${SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE)}`
 let cookiesigned = signature.sign(setTo, cookiesecret + ip);
- res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
+ res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true });
 res.json({ "success": "successfully changed password" });
 });
 }
@@ -197,7 +197,7 @@ export const setup = function (router, con, server) {
 let ip = getIP(req);
 let setTo = `${req.body.newUsername} ${SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE)}`
 let cookiesigned = signature.sign(setTo, cookiesecret + ip);
- res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
+ res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true });
 //updated username in the users table, but not yet on posts
 //TODO: update username on dms
 let sql = `update ipost.posts set post_user_name=? where post_user_name=?;`; //change username of every past post sent
diff --git a/routes/logout.js b/routes/logout.js
new file mode 100644
index 0000000..c00d47f
--- /dev/null
+++ b/routes/logout.js
@@ -0,0 +1,10 @@
+export const setup = function (router, con, server) {
+
+ const increaseUSERCall = server.increaseUSERCall
+
+ router.get("/logout", function (req, res) {
+ if (!increaseUSERCall(req, res))return;
+ res.cookie("AUTH_COOKIE", "", { maxAge: 0, httpOnly: true, secure: true });
+ res.redirect("/");
+ });
+}
\ No newline at end of file
diff --git a/routes/setup_all_routes.js b/routes/setup_all_routes.js
index 8dd4d4d..e7634bf 100644
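Review bot: The new `secure: true` on the `res.cookie('AUTH_COOKIE', ...)` line still leaves the auth cookie without a `sameSite` attribute, so this long-lived (`maxAge: Math.pow(10, 10)`) credential is also attached to cross-site requests; `{ maxAge: Math.pow(10, 10), httpOnly: true, secure: true, sameSite: 'strict' }` (or `'lax'` if top-level navigations from other sites must keep the session) is the usual shape. The same three-option literal is repeated in the second hunk of this file, in the new `routes/logout.js`, and for the `session` cookie in `server.js`; one shared options object next to the cookie name would keep the attributes consistent, which also matters when the logout path has to clear the cookie with matching attributes. The enclosing route handler starts before this hunk.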
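Review bot: `router.get("/logout", ...)` performs a state change (it clears `AUTH_COOKIE`) on a GET, so any page that links or redirects a user to `/logout` ends their session; a POST handler behind the same `increaseUSERCall` gate is the conventional shape for this. Express also offers `res.clearCookie('AUTH_COOKIE', { httpOnly: true, secure: true })`, which states the intent more directly than `res.cookie("AUTH_COOKIE", "", { maxAge: 0, ... })`; either way the path and domain must match the ones used when the cookie was set, or the browser keeps the original. `if (!increaseUSERCall(req, res))return;` is missing the space before `return`, and the `con` parameter is accepted but never used.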
--- a/routes/setup_all_routes.js +++ b/routes/setup_all_routes.js @@ -12,6 +12,8 @@ import { setup as servefilessetup} from "./serve_static_files.js" import { setup as userfilessetup} from "./userfiles.js" import { setup as userauthsetup} from "./user_auth.js" import { setup as applicationsetup} from "./authorize.js" +import { setup as logoutsetup} from "./logout.js" + export const setup = function (router, con, server) { const setuproute = handler => handler(router,con,server) @@ -27,6 +29,7 @@ export const setup = function (router, con, server) { setuproute(getpostssetup) setuproute(userroutessetup) setuproute(servefilessetup) + setuproute(logoutsetup) let global_page_variables = { getPID: get_pid, getDMPID: get_dmpid, diff --git a/server.js b/server.js index 19c424f..e756708 100644 --- a/server.js +++ b/server.js @@ -70,7 +70,6 @@ const WebSocket = ws.WebSocketServer; const router = Router(); const app = express(); -const DID_I_FINALLY_ADD_HTTPS = true; const con = mysql.createPool({ connectionLimit: config.mysql.connections, host: config.mysql.host, @@ -222,7 +221,7 @@ function increaseAPICall(req, res, next) { SESSIONS[session] = undefined; REVERSE_SESSIONS[ip] = undefined; }, 50000); - res.cookie('session', session, { maxAge: 100000, httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); + res.cookie('session', session, { maxAge: 100000, httpOnly: true, secure: true }); console.log(3, "sending session to " + ip); } } 
@@ -291,19 +290,19 @@ app.use(function (_req, res, next) { res.set("X-XSS-Protection", "1; mode=block"); next(); }); -if (DID_I_FINALLY_ADD_HTTPS) { - //auto redirect to https - app.use((req, res, next) => { - if (req.secure) { - //already secure - next(); - } - else { - //redirect to https - res.redirect('https://' + req.headers.host + req.url); - } - }); -} + +//auto redirect to https +app.use((req, res, next) => { + if (req.secure) { + //already secure + next(); + } + else { + //redirect to https + res.redirect('https://' + req.headers.host + req.url); + } +}); + app.use("/*", function (req, res, next) { res.set("x-powered-by", "ipost"); for (let i = 0; i < blocked_headers.length; i++) { @@ -342,7 +341,6 @@ var commonfunctions = { ensureExists, "dirname": __dirname, config, - DID_I_FINALLY_ADD_HTTPS, hcaptcha: { "verify":verifyHCaptcha, "sitekey":config.hcaptcha_sitekey @@ -367,11 +365,6 @@ END /API/* */ -router.get("/logout", function (_req, res) { - res.cookie("AUTH_COOKIE", "", { maxAge: 0, httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); - res.redirect("/"); -}); - console.log(5, "finished loading routes"); app.use(router); const httpServer = http.createServer(app); @@ -385,16 +378,12 @@ var httpsServer; import spdy from "spdy" -if (DID_I_FINALLY_ADD_HTTPS) { - httpsServer = spdy.createServer(credentials,app) - //httpsServer = https.createServer(credentials, app); - httpsServer.listen(config["ports"]["https"], function () { - console.log(5, "HTTPS Server is listening"); - }); -} -else { - httpsServer = httpServer; -} +httpsServer = spdy.createServer(credentials,app) +//httpsServer = https.createServer(credentials, app); +httpsServer.listen(config["ports"]["https"], function () { + console.log(5, "HTTPS Server is listening"); +}); + wss = new WebSocket({ server: httpsServer, perMessageDeflate: {
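Review bot: The now-unconditional redirect builds its target from `req.headers.host`, a client-supplied header, and relies on `res.redirect`'s default 302, which turns a POST that arrives over plain HTTP into a GET and drops its body; `res.redirect(308, `https://${req.headers.host}${req.url}`)` keeps the method, and a configured canonical hostname (the `config` object is in scope in this file) would be safer than echoing the header back. `req.secure` is only accurate behind a TLS-terminating proxy when `trust proxy` is enabled, which is not visible here and is worth confirming. Since every response is now served over HTTPS, this is also the place to emit `res.set('Strict-Transport-Security', 'max-age=31536000')` alongside the other security headers set in the middleware just above, whose start lies outside the hunk.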
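Review bot: `httpsServer = spdy.createServer(credentials,app)` assigns to the `var httpsServer;` declared just above the hunk (outside it); with the `else { httpsServer = httpServer; }` fallback gone there is no second assignment left, so declaration and assignment can collapse into one `const httpsServer = spdy.createServer(credentials, app);`. The carried-over `//httpsServer = https.createServer(credentials, app);` is commented-out code and should either be deleted or replaced by a why-comment explaining why spdy is used instead of `https`. The plain `httpServer` (`const httpServer = http.createServer(app);`, visible in the previous hunk) is still created alongside it, so a one-line comment noting that it exists only to serve the HTTPS redirect would help the next reader.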